Why we use issuer profile hosted url?
If issuer profile is only used for validation of publicKey(Authenticity), can we append issuer publicKey in blockchain certificate and verify it without depending on issuer hosted URI.
I’m guessing you’re talking about the issuer_id field in the cert-tools conf.ini file.
They talk about how to create that issuer id json file here.
generate a JSON issuer identity file with “python create_v2_issuer.py -c conf-ini -o issuer.json”. The conf.ini is the same that you are using to generate the certificate template, and to instantiate the certificates. You will find this python module in cert-tools.
I’m not sure you can just plug it in the file like you suggested. It seems like it needs to resolve a url. I’m planning on hosting mine on a site like myjson.com, but you could also just host it yourself if you’re using a webserver, like the one built into flask:
The previous step will generate a JSON file identifying the issuer, that has to be saved in the exact location that you are declaring in the conf.ini file used also in the previous step. Since I’m using Flask, the line inside the conf.ini looks like:
- issuer_id = http://localhost:5000/issuer/issuer.json
how can we identify the certificate issuing organization is valid or not (it may be possible that someone make fake issuer profile and can issue certificates)
Well I believe anyone can issue certificates, so technically no issuer is invalid. I suppose an employer would have to decide whether to take the certificate seriously or not, perhaps by visiting the issuer url and checking out their website.
Now if an issuer is trying to pretend to be someone they’re not, like if someone made certificates using M.I.T.'s logo for example, then we would need a public registry, so you could compare the public key in the given certificate against M.I.T’s publicly registered key.